Re: Backdoor.Lateda.C

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 05/25/05


Date: Wed, 25 May 2005 09:04:22 -0400

From: "shuckie69" <shuckie69@discussions.microsoft.com>

| Hi David
|
| As per my initial message; "...but the Trojan keeps the modem com port busy
| preventing me from connecting to the Net most of the time, and even when I
| can connect it stops me from downloading anything...". With this being an
| XP machine, a message keeps appearing approx every 10 seconds saying that a
| program is trying to connect to the l33t.freeshellz.org domain. As a result
| when I try to connect I get a message saying the modem COM port is busy. I
| haven't been able to connect to the Net since I posted this message,
| therefore I can't update Sysclean, Ad-Aware, AntiVir or anything else! If I
| detach and reconnect the ADSL modem's USB cable, the trojan instantly tries
| to connect.
|
| Any ideas???

Shut down as many applications as possible
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Copy and Paste the following command line on the; Start --> Run location

%comspec% /c del %windir%\system32\drivers\etc\hosts

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare }, three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
to allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shut down as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

* * * Please report back your results * * *

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
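
The `del` command in the reply above removes the hosts file without looking at it. As an added example (not part of the original post or of CLEAN.EXE), this Python function lists every hosts entry other than the stock `127.0.0.1 localhost` mapping, so the entries can be recorded before the file is deleted. The sample content, its host names and the reason strings are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread; names use reserved example domains.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       update.example.com
0.0.0.0         av.example.net downloads.example.net
203.0.113.7     www.example.org   # trailing comment
not-an-ip       host.example.com
"""

def audit_hosts(text):
    """Return (line number, address, hostname, reason) for each non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue                       # the stock mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name pointed at the local machine (lookup blocked)"
            else:
                reason = "name pinned to a fixed address (possible redirect)"
            findings.append((lineno, addr, name.lower(), reason))
    return findings

if __name__ == "__main__":
    import sys
    # Pass the path from the post (%windir%\system32\drivers\etc\hosts) as the
    # first argument; with no argument the constructed sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, addr, name, reason in audit_hosts(text):
        print(f"line {lineno}: {addr} -> {name}: {reason}")
```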

